CVE-2022-40225 — Incorrect Conversion between Numeric Types in Siemens Siplus TIM 1531 IRC

CWE-681 — Incorrect Conversion between Numeric Types3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.3%

top 49.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Siplus TIM 1531 IRC Siemens TIM 1531 IRC Siemens Siplus TIM 1531 IRC Firmware

Timeline

PublishedNov 10

Latest updateJun 11

Description

A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5siemens/siplus_tim_1531_irc< V2.4.8

▶NVDsiemens/siplus_tim_1531_irc_firmware< 2.4.8

▶CVEListV5siemens/tim_1531_irc< V2.4.8

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-40225: A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2↗2024-06-11

▶

GHSA

GHSA-7xr5-w5mj-r2jm: A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2↗2024-06-11

▶